httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: More help with apache and CGI-Perl
Date Tue, 02 Jul 2002 08:02:19 GMT
>From: John Passaniti []
> (1) So Why does Apache announce it's own platform in a bad
>request response and likely other responses?
> ...
> (2) In my experience, the script kiddies
>looking for vulnerabilities simply point their scripts at a block of IP
>addresses and let them rip.  

You answered your own question; because of (2), (1) doesn't matter!

Announcing a full server signature is friendly, doesn't encourage targetted hacking (by theorem
(2)) and doesn't harm your security (put it another way, if your system security depends on
no-one guessing your apache version, your in a bit of a pickle).


Owen Boyle

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message